To explain: I did no API hacking. This was so trivial a bug that it was found entirely by accident simply browsing the page. Someone happened to be reading the page via the popular GreaterWrong mirror and noticed that I mentioned an ‘anonymous’ comment but that I was clearly responding to a “Mark_Friedenbach” and puzzled, checked the LW2 version, and loled. Oops. (Not that it came as too much of a surprise to me. I remember his comments from before he chose to go anonymous… Bullshit about ‘Engrish’ is par for the course.)
This was not intentional on the part of GW or saturn2, it’s simply that GW has always cached the user ID & name (because why wouldn’t it) and whoever implemented the ‘anonymous’ feature apparently didn’t think through the user ID part of it. So, this entire time, for however many years the ‘anonymous’ thing has been there, it’s been completely broken (and it would be broken even if GW was not around, because anyone with any way to access old user ID/name pairs, such as via the Internet Archive, would be able to link them).
Since the horses which left the barn have long since broken a leg and been sent to the glue factory, and it’s obvious once you start looking (you didn’t spot GW, but you did see the API problem immediately), I felt no particular hurry to disclose it when it served as such an incredible example for a comment claiming, among other things, that it is so absurd that anyone would ever make a stupid design choice that it constitutes grounds for ignoring anything I say. That is not a gift horse I will look in the mouth. Like a good magic trick, it works best when the viewer can’t wave it away by coming up with a patch for it. (“I would simply not write a cryptocurrency which made any mistakes.”)
Nor did I deanonymize him, contra your other comment. I was deliberate about not using his full username and using just “Mark”; had I wanted to use it, I would have, but I just wanted to prove to him that he was not anonymous, due to a stupid bug. There are many Marks on LW, even considered strictly as usernames containing the term and ignoring the real possibility they might use a username not containing ‘[Mm]ark*’. (Mark Xu & Mark Otaris just off the top of my head.)
If anyone ‘deanonymized’ him (considering one can just read it right there on the GW page and many people already have), it would be you. I do hope we’re not going to hear any preaching about responsible disclosure coming from the person who rushed to publicly post all the details and the full user name? (What sort of ‘high tier’ would we put you on or how would one describe ‘acts like this one’?)
Additionally, I find Gwern’s presentation of this knowledge glib and unbecoming, which calls back to the very issues that Mark objects to.
I find Mark’s comments glib and unbecoming, and a good example of why we might not want to have anonymous comments at all. If he wants to post comments about how a character thinking something in a story is wildly “unprofessional” or make up numbers, he can register a pseudonym and have a visible history tying his comments together like anyone else.
You called attention to the existence of a hack and said his name, that could be enough for some people to uncover identity. (Agreed that people posting the full name were not very considerate either). Did it even occur to you that saying some things in some countries is illegal and your doxxing victim could go to prison for saying something that looks innocuous to you? Do you know where Mark is from and what all his country’s speech laws are? I am so completely disappointed that you would notice a leak like this and not quietly alert people to fix it and PM Mark about it, but doxx someone over an internet argument.
Did it even occur to you that saying some things in some countries is illegal and your doxxing victim could go to prison for saying something that looks innocuous to you? Do you know where Mark is from and what all his country’s speech laws are?
If Mark is in such a situation (which he was not, and I knew he was not), then the real culprit is whoever implemented such a completely broken and utterly unfixable ‘anonymous’ comment, and himself for being a security researcher and yet believing that retroactively making comments ‘anonymous’ on a publicly-scrape-able website would protect him against nation-state actors when anonymity was neither the goal nor a documented promise of the account deletion feature he was abusing and then crying ‘dox!’ about it not doing what it wasn’t supposed to do and didn’t do.
This was not intentional on the part of GW or saturn2, it’s simply that GW has always cached the user ID & name (because why wouldn’t it) and whoever implemented the ‘anonymous’ feature apparently didn’t think through the user ID part of it.
I did think of it! But having documents without ownership sure requires a substantial rewrite of a lot of LW code in a way that didn’t seem worth the effort. And any hope for real anonymity for historical comments was already lost with lots of people scraping the site. If we ever had any official “post anonymously” features, I would definitely care to fix these issues, but this is a deleted account, and posting from a deleted account is itself more like a bug and not an officially supported feature (we allow deleted accounts to still log in so they can recover any content from things like PMs, and I guess we left open the ability to leave comments).
I would strongly advise closing the commenting loophole then, if that was never intended to be possible. The only thing worse than not having security/anonymity is having the illusion of security/anonymity.
While I agree that total privacy/anonymity is almost impossible, “pretty good” privacy in practice can be achieved through obscurity. For example, you could find my full name by following two links, but most people won’t bother. (If you do, please don’t post it here.)
Absolutely. But you know you are relying on obscurity and relatively modest cost there, and you keep that in mind when you comment. Which is fine. Whereas if you thought that it was secure and breaking it came at a high cost (though it was in fact ~5 seconds of effort away), you might make comments you would not otherwise. Which is less fine.
If anyone ‘deanonymized’ him (considering one can just read it right there on the GW page and many people already have), it would be you. I do hope we’re not going to hear any preaching about responsible disclosure coming from the person who rushed to publicly post all the details and the full user name?
Gwern’s rhetoric elides the consideration that my message is extremely unlikely to be consequential against Mark, as he himself explains.
I point out that it is a reasonable characterization that all the effects/benefits of calling out Mark accrue to Gwern by the device of using Mark’s first name, yet he can escape a charge of “doxxing”, by the same.
I call out to readers to consider what the substance of my thread is about, and what the various choices I’ve made, and consequent content, might reveal.
Yes, he does claim it. So, why did you do it? Why did you post his whole username, when I did not and no one could figure out who it was from simply ‘Mark’?
I point out that it is a reasonable characterization that all the effects/benefits of calling out Mark accrue to Gwern by the device of using Mark’s first name, yet he can escape a charge of “doxxing”, by the same.
Absolutely. I did not dox him, and I neither needed nor wanted to. I did what illustrated my point with minimum harm and I gained my desired benefits that way. This is good, and not bad.
I did not post screenshots explaining how to do it and who it was, which were unnecessary and potentially do some harm. So, why did you dox Mark?
I am proud of the work of many people who built the community of LessWrong and I hope to read the interesting contributions of talented people like you in the future.
Yeah, that seems reasonable. Just made a PR for it.